I am trying to run a script through Group Policy that will put some new shortcuts on selected user's desktop. I do this a lot so I was trying to use group policy instead of my usual manually visiting each computer. I could run this script in Active Directory but I would have to keep changing it to suit my needs instead of just pointing to a new batch file that I have written in a GPO.

What I have is a batch file that I have written that will look at the user's profile determine if they have a certain shortcut on their desktop. This tells the batch file to copy the new shortcut to that particular user's profile. The batch file works exactly the way I want but when I create a Group Policy Object using the logon script under "User Configuration" and point it to my batch file it does not work. I am linking the policy to my users under "Managed users" and setting the security Filtering for "Authenticated users". Another tech told me to set the "Use Group Policy Loopback" on and use "merge" under the "Computer Configuration" but that did not help.

This if for Windows XP machines and I am using Group Policy Management Console version 1.0.2 from my desktop.

Your users won't be able to access the C$ share so no that's not how you do it. Just click the Browse button as shown here and it will take you to the correct location, paste your script file into there, then select it in that browse window. Due to the fact that you're putting the script where the GPO expects to find scripts, you don't need to enter the full path - just the file name

First thing I would check is where is the file located in relation to the users computer? might be that their computer can't access / find the file. also I would go to a pc that it should run on and do a "gpresult /v > c:\policy" to see exactly which policies were enforced and what the status was.

when I create a Group Policy Object using the logon script under "User Configuration" and point it to my batch file it does not work. I am linking the policy to my users under "Managed users" and setting the security Filtering for "Authenticated users". Another tech told me to set the "Use Group Policy Loopback" on and use "merge" under the "Computer Configuration" but that did not help.

Hate to tell you something that you might already know, but you never know what bit of information might trigger the light bulb moment. The reason the loopback didn't work is because loopback policy essentially applies user GPO settings to computers. Because of your GPO is configured for User settings and the security filtering is pointing to users, then the loopback wouldn't know which computers to apply to. This probably doesn't help your situation much, but you know, "knowing is half the battle."

Thanks everyone for you suggestions but I will mention once again that the batch files works great when I run it manually from its location.

@ S133p3R: The directory I have the batch file on is in a shared network folder that everyone has access to. Besides I have access to everything and it still does not work when I logon. Thanks for the "gpresult" command I had forgotten about that. I would think a gpupdate would not be needed since everyone would be turning on their computers in the morning.

Run the batch file from the policy location not a shared location on the file system. Just because it runs manually does not mean it will run from the GPO based on where it is located. Do it the proper way where it runs from the sysvol location based on the policy.

when I create a Group Policy Object using the logon script under "User Configuration" and point it to my batch file it does not work. I am linking the policy to my users under "Managed users" and setting the security Filtering for "Authenticated users". Another tech told me to set the "Use Group Policy Loopback" on and use "merge" under the "Computer Configuration" but that did not help.

Hate to tell you something that you might already know, but you never know what bit of information might trigger the light bulb moment. The reason the loopback didn't work is because loopback policy essentially applies user GPO settings to computers. Because of your GPO is configured for User settings and the security filtering is pointing to users, then the loopback wouldn't know which computers to apply to. This probably doesn't help your situation much, but you know, "knowing is half the battle."

/G.I. Joe!

Well he has security filtering set to Authenticated Users and all computers are members of that group so that wouldn't stop it. However, if the computers are not in the OU that this GPO is linked to then obviously it won't apply as like you said loopback processing is a computer setting not a user setting.

Having said that, you definitely don't need to be using loopback processing at all to make this work (as your logon script is a user setting, and you are applying it to users, so computers and loopback don't even come into it). That is of course unless this other tech has set other GPOs up to use loopback processing and set them in Replace mode, as that would then override any user based GPO settings you are applying... but for now we will assume/hope he hasn't done that.

First thing I would do is as others have said, use gpresult from a user's logon session that should be getting affected by this GPO and see if your GPO is listed in the list of GPOs that were applied or not applied. If it does show that it applied the GPO, then the next thing I would do is add an Echo command at the very start of your script as someone else already suggested. Just do something like this:

Echo test "%USERPROFILE%\Desktop\test.txt"

and then log back on and see if the test file has been created on your desktop. This way you know if it is an issue with the GPO not actually running your script at all, or an issue with your script coding once it gets running.

I also think you should paste the script here so we can see if there is anything obviously wrong, and a screenshot of the GPO setting where you specify the script would be good too.

Run the batch file from the policy location not a shared location on the file system. Just because it runs manually does not mean it will run from the GPO based on where it is located. Do it the proper way where it runs from the sysvol location based on the policy.

I will try that but how to I word the "script name"?
Just the name of the batch file or:

Your users won't be able to access the C$ share so no that's not how you do it. Just click the Browse button as shown here and it will take you to the correct location, paste your script file into there, then select it in that browse window. Due to the fact that you're putting the script where the GPO expects to find scripts, you don't need to enter the full path - just the file name

Your users won't be able to access the C$ share so no that's not how you do it. Just click the Browse button as shown here and it will take you to the correct location, paste your script file into there, then select it in that browse window. Due to the fact that you're putting the script where the GPO expects to find scripts, you don't need to enter the full path - just the file name

Hurray it worked.

I had to figure out where to put the script file though since when I selected browse it took me to \\Domain\sysvol\Domain\Policies\{B2AD7431-B07B-4B15-866A-D6D767B38332}\User\Scripts\Logon and it was empty. So I went onto the server and put my batch file in that directory and again hit browse to find it there. I then selected my managed users and only put myself in the security section to test. Then I placed my users in the security and did a login with my test user and it also worked

Yeah but that's what I meant, in that explorer window that the browse button opens in that location you could have just right clicked in a blank space and done Paste to paste your batch file in :) Like I said afterwards though, its easier to click the Show Files button as that then gives you a "normal" explorer window rather than just a browse window. Anyway glad its sorted, and bear in mind in future that each GPO has a different unique ID so you won't always be putting scripts in that exact same location (those random numbers/letters in the middle of the path will be different for a different GPO)

Yeah but that's what I meant, in that explorer window that the browse button opens in that location you could have just right clicked in a blank space and done Paste to paste your batch file in :) Like I said afterwards though, its easier to click the Show Files button as that then gives you a "normal" explorer window rather than just a browse window. Anyway glad its sorted, and bear in mind in future that each GPO has a different unique ID so you won't always be putting scripts in that exact same location (those random numbers/letters in the middle of the path will be different for a different GPO)

I am glad you told me that because I would have thought you put all the batch files in there.

I know I'm a little late to the party here, but why wouldn't you just go under user config -> Preferences -> windows settings -> shortcuts and target them there? I do all my shortcuts, drive maps, printers the same way. Seems a little easier than coming up with a batch file